diff --git a/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts b/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts index c75a697140..7feda23f5c 100644 --- a/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts +++ b/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts @@ -70,6 +70,9 @@ function getSettingsRoute(organization: Organization) { if (organization.canManageScim) { return "scim"; } + if (organization.canManageDeviceApprovals) { + return "device-approvals"; + } return undefined; } diff --git a/apps/web/src/app/admin-console/organizations/settings/settings.component.html b/apps/web/src/app/admin-console/organizations/settings/settings.component.html index bc2b2e54a0..036d05d0f7 100644 --- a/apps/web/src/app/admin-console/organizations/settings/settings.component.html +++ b/apps/web/src/app/admin-console/organizations/settings/settings.component.html @@ -65,7 +65,7 @@ routerLink="device-approvals" class="list-group-item" routerLinkActive="active" - *ngIf="org.canManageUsersPassword" + *ngIf="org.canManageDeviceApprovals" > {{ "deviceApprovals" | i18n }} diff --git a/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts b/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts index 22cd2571ca..00fd124ff6 100644 --- a/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts +++ b/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts @@ -62,7 +62,7 @@ const routes: Routes = [ canAccessFeature(FeatureFlag.TrustedDeviceEncryption), ], data: { - organizationPermissions: (org: Organization) => org.canManageUsersPassword, + organizationPermissions: (org: Organization) => org.canManageDeviceApprovals, titleId: "deviceApprovals", }, }, diff --git a/libs/common/src/admin-console/abstractions/organization/organization.service.abstraction.ts b/libs/common/src/admin-console/abstractions/organization/organization.service.abstraction.ts index 1210f4527a..899acf0b43 100644 --- a/libs/common/src/admin-console/abstractions/organization/organization.service.abstraction.ts +++ b/libs/common/src/admin-console/abstractions/organization/organization.service.abstraction.ts @@ -15,7 +15,8 @@ export function canAccessSettingsTab(org: Organization): boolean { org.canManagePolicies || org.canManageSso || org.canManageScim || - org.canAccessImportExport + org.canAccessImportExport || + org.canManageDeviceApprovals ); } diff --git a/libs/common/src/admin-console/models/domain/organization.ts b/libs/common/src/admin-console/models/domain/organization.ts index 89751eb3e8..e1e5e8a6e2 100644 --- a/libs/common/src/admin-console/models/domain/organization.ts +++ b/libs/common/src/admin-console/models/domain/organization.ts @@ -217,6 +217,10 @@ export class Organization { return this.isAdmin || this.permissions.manageResetPassword; } + get canManageDeviceApprovals() { + return (this.isAdmin || this.permissions.manageResetPassword) && this.useSso; + } + get isExemptFromPolicies() { return this.canManagePolicies; }